1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised.

Verified that the workflow for introducing static analysis into OWASP projects has been created.

Verified that OWASP projects have been submitted to be analyzed on the owasp.fortify.com site to establish an OWASP baseline. These are AntiSamy, CSRFGuard2, CSRFTester, DirBuster, JBroFuzz, Lapse, Stinger, Webekci, WebGoat, WebScarab

Verified that the project has submitted more than 25 open source PHP applications (besides mySQL) to be analyzed.

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

Workflow for introducing static analysis into OWASP projects (100%).

Analyzed 10 OWASP projects (100%).

Analyzed little more then 25 open source PHP projects on owasp.fortify.com (100%).

3. Please do use the right hand side column to provide advice and make work suggestions.

It would be nice to have results aggregated and published for both OWASP projects and PHP projects so statistics can be used on security of open source projects/applications.